CompTIA CySA+ (CS0-002) — Question 14
A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?
Answer options
- A. Enabling sandboxing technology
- B. Purchasing cyber insurance
- C. Enabling application blacklisting
- D. Installing a firewall between the workstations and internet
Correct answer: A
Explanation
Enabling sandboxing technology is the best option because it lets applications be tested in a controlled environment, which prevents malicious software from affecting the system. Purchasing cyber insurance does not directly mitigate threats; it provides financial coverage after an incident occurs. Enabling application blacklisting can help but may not be as effective as sandboxing against new, unknown threats. Installing a firewall can enhance security but may not specifically address the behavior of malicious software.